Category Archives: Threat Modeling

Cyber Intelligence Universe

In recent years all “cyber” is fashionable, and intelligence applied to the cyber world could not be less! The concept of intelligence has an offensive meaning due to the use by intelligence and military agencies, but now too many security … Continue reading

Posted in Pentest, Security, Technology, Threat Modeling | Tagged , , , , | Leave a comment

OWASP Top Ten 2013 free workshop

Yesterday, July 17th, I taught a free workshop about the OWASP Top Ten 2013 which was published recently that describes the 10 most common vulnerabilities in Web applications. This free workshop is a collaboration between the Catedral de Innovación of … Continue reading

Posted in Security, Technology, Threat Modeling | Tagged , , , , , , | Leave a comment

AppSec: Build Rooted Detection in your App

For various reasons many Apps need to detect if the phone has been “rooted” and in this article will see different techniques for this purpose. Since it is common to see this type of questions in development forums, I thought … Continue reading

Posted in Pentest, Privacy, Security, Technology, Threat Modeling | Tagged , , , , , , , | Leave a comment

AppSec: Improve your software security with GCC Stack Protector Strong

The other day helping out a client to develop secure software it came to my mind that this topic could be of interest to my readers. Obviously this topic is quite wide, but in this article I will focus in … Continue reading

Posted in Pentest, Privacy, Security, Technology, Threat Modeling | Tagged , , , , , , , , | Leave a comment

AppSec USA 2012: the experience

You know you are in Texas when you get out of the plane and hear country music through the airport and I was there indeed because the 25 and 26th of October the OWASP AppSec USA conference was taking place … Continue reading

Posted in Conference, Hacking, OWASP, Pentest, Privacy, SDL, Security, Technology, Threat Modeling | Tagged , , , , , , | Leave a comment

AppSec: Static Analysis Using Visual Studio 2010 for Hunting C/C++ Bugs

[Español] Para este artículo hablaremos de una magnífica herramienta como es Visual Studio 2010, el entorno de desarrollo de Microsoft, que utilizo a diario para realizar auditorías de código en C/C++ o .NET. Cuando imparto clases sobre SDL es frecuente … Continue reading

Posted in Microsoft, Pentest, SDL, Security, Threat Modeling | Tagged , , , , , , , , | 1 Comment

Software Security Development Framework: Survival Guide

La seguridad en el ciclo de desarrollo de aplicaciones ya no es opcional, tiene que ser considerada como un elemento vital y crítico para cualquier tipo de producto ya sea una aplicación web, móvil, cliente, etc. sin ningún tipo de … Continue reading

Posted in Microsoft, OWASP, SDL, Security, Threat Modeling | Tagged , , , , | Leave a comment

Attack Surface Analysis Infinitum

En cualquier revisión de seguridad ya sea un test de intrusión, revisión de una aplicación web o de código fuente el Attack Surface Analysis (ASA) es una poderosa metodología que podemos utilizar para identificar los vectores de ataque del sistema. … Continue reading

Posted in Microsoft, OWASP, Pentest, SDL, Security, Threat Modeling | Tagged , , , | Leave a comment

Microsoft Security Sites

ESP: Nadie puede negar el esfuerzo que dedica Microsoft a la seguridad aunque haya gente que no lo aprecie. Por eso voy a dedicar este post a sitios Web sobre seguridad de la compañía que mucha gente no conoce y … Continue reading

Posted in Microsoft, SDL, Security, Threat Modeling | Leave a comment